WEBVTT

00:01.850 --> 00:02.150
Hello.

00:02.150 --> 00:04.370
My name is Typhoon, welcome to this another actually.

00:04.370 --> 00:05.030
Course.

00:05.030 --> 00:12.080
And in this course we're going to go over a few useful scenarios for how to use Google operators.

00:23.940 --> 00:29.430
First, let us search for intitle, intitle.

00:30.600 --> 00:40.140
Like index of, uh, here you use the backs, uh, the space between index of here and press enter.

00:41.240 --> 00:48.860
So this will give us a list of web pages that support directory browsing, directory browsing, or like

00:48.860 --> 00:49.740
traversal.

00:49.760 --> 00:57.980
So this directory browsing is a hacking method that allows attackers to access restricted directories

00:57.980 --> 01:04.250
and files within the website and executes a command outside the web servers root directory.

01:04.280 --> 01:07.510
Here, as you can see, we've got a very, uh, uh, videos here.

01:07.520 --> 01:13.460
Let's watch this since it's an official applet uploaded to Google.

01:13.890 --> 01:20.000
And I think we if there's no problem if you watch this, some hotel and spa.

01:21.250 --> 01:22.210
Video.

01:22.240 --> 01:25.420
I think it's an advertising.

01:25.750 --> 01:26.560
Yes.

01:26.770 --> 01:28.810
So let's go another website.

01:33.230 --> 01:34.250
Are we have.

01:35.180 --> 01:40.100
Like so much folders and plugins like this.

01:40.950 --> 01:46.110
Like you can dig these files and sometimes you find something useful here.

01:56.550 --> 01:57.060
Here.

01:59.480 --> 02:00.350
Intel.

02:02.020 --> 02:05.020
Uh, this is, I think, some of compilers.

02:05.440 --> 02:08.440
I think it's F compiler.

02:10.250 --> 02:10.560
Mhm.

02:10.670 --> 02:11.480
What's the video's.

02:11.480 --> 02:11.690
Yeah.

02:11.690 --> 02:12.050
Videos.

02:12.050 --> 02:13.280
Files is empty.

02:14.060 --> 02:16.310
As an example let's try inurl.

02:16.310 --> 02:16.820
So.

02:16.970 --> 02:23.240
So as you can see here, so you can actually try and like here.

02:24.070 --> 02:26.740
Investigate these websites for yourself.

02:27.700 --> 02:34.900
I might suggest you do not harm these websites, but it's your choice, of course, so we can also use

02:34.900 --> 02:38.560
inurl admin, admin here.

02:38.560 --> 02:47.380
So this search will return sites that have admin or administrator in the URL itself here.

02:47.380 --> 02:52.240
So sometimes there are associated login pages like this.

02:52.240 --> 02:56.500
For example sillitoe admin portal.

03:01.300 --> 03:01.600
Yes.

03:01.600 --> 03:03.070
This is like admin.

03:03.070 --> 03:03.820
Pages.

03:03.940 --> 03:10.900
This query will show us admin pages and or administrative login pages of websites.

03:15.970 --> 03:19.480
Let's try a different one, intitle.

03:21.220 --> 03:23.080
Open web mail.

03:25.530 --> 03:26.040
Here.

03:26.040 --> 03:32.220
So Google will show us some servers out that they are running open web mail.

03:32.220 --> 03:39.720
So you can also try the intitle and block password.

03:41.500 --> 03:45.760
Uh, to find blogs or websites powered by every block.

03:45.760 --> 03:50.140
So we block the prone to several different input validation vulnerabilities.

03:50.140 --> 03:56.260
So I could just quickly go and find several targets out there that are using that technology as a part

03:56.260 --> 03:59.710
of my testing process.

03:59.710 --> 04:08.470
So here, as you can see, this is this means that they are using m v block power, as you can see,

04:08.470 --> 04:10.000
powered by in V block.

04:10.420 --> 04:12.730
We can also have open web mail.

04:12.850 --> 04:14.320
This might actually be the web mail.

04:14.320 --> 04:15.760
Actually the open mail.

04:15.760 --> 04:22.150
I think they had some vulnerabilities, which we will try later in this lecture.

04:22.150 --> 04:24.850
This is just an open source intelligence.

04:26.180 --> 04:30.050
The section of our Oxley course.

04:31.500 --> 04:32.100
Here.

04:32.970 --> 04:39.960
Let's actually try the intitle, intitle root, root.

04:40.170 --> 04:44.190
This is the things getting serious here, right past here.

04:44.550 --> 04:50.820
And after that, as you remember in previous lectures, I said you can use intitle with another parameters

04:50.820 --> 04:51.540
as well.

04:51.840 --> 04:54.540
And are we going to also add intext?

04:55.960 --> 04:59.890
We are in quotes home here like that.

05:06.490 --> 05:13.330
So surprisingly enough, this can show you the password directory for a few Linux boxes.

05:13.360 --> 05:15.910
As you can see, we got just some results here.

05:16.630 --> 05:19.270
This firstly is of course, the Google hacking database.

05:19.270 --> 05:19.750
Google dork.

05:20.230 --> 05:23.040
This is a Google dork that published on Metasploit.

05:23.050 --> 05:27.850
Actually, you can find more Google dorks and like pen tests your.

05:28.930 --> 05:30.460
Ethical hacking.

05:31.520 --> 05:39.320
Pieters, your ethical hacking skills with this Google dorks as well, of course, do not harm this website.

05:39.350 --> 05:42.650
This is what ethical hacking is.

05:42.830 --> 05:50.690
So error logs are yet another valuable source of reconnaissance information.

05:50.690 --> 05:58.760
So error logs might tell you what is running on their user behavior or even the controls they have put

05:58.760 --> 06:00.200
in place.

06:00.850 --> 06:01.250
Your.

06:02.570 --> 06:13.520
So for our first example, we'll try the intext, intext parameter and in quotes here access denied

06:13.520 --> 06:14.420
for.

06:16.770 --> 06:22.710
And as you can see here, we got the first StackOverflow because someone asked this questions in Web.

06:22.710 --> 06:26.310
Or we can also try the shopping cart.

06:26.400 --> 06:27.420
Shopping cart.

06:31.760 --> 06:39.280
Card so this can show us exactly which sites are using MySQL in the back of their shopping cart.

06:39.670 --> 06:46.990
Of course, there is a more precisely way precise way to finding MySQL running websites, but it's

06:46.990 --> 06:52.880
just basic examples of how to find the like intext shopping cart here.

06:52.900 --> 06:54.970
So let's take this step of order.

06:55.030 --> 07:00.970
So you probably already know that you must be careful about which devices you're hooking with, uh,

07:01.180 --> 07:04.420
to the internet and with every device that has a web interface.

07:04.420 --> 07:06.010
So that's because people.

07:06.940 --> 07:09.750
Um, can probably find it.

07:09.760 --> 07:19.840
So I will demonstrate this with intitle by typing intitle BlueNet Video Viewer.

07:21.100 --> 07:21.640
Here.

07:22.920 --> 07:23.130
It.

07:24.260 --> 07:26.090
I think the Google.

07:27.720 --> 07:29.490
Oh, we were.

07:31.430 --> 07:31.910
Here.

07:33.260 --> 07:37.040
As you can see, this is an old Google hacking database.

07:37.070 --> 07:39.620
Google, Google Hacking dork.

07:41.460 --> 07:44.400
Which is actually I think they covered this up.

07:44.520 --> 07:46.650
As you can see, we got no results here.

07:47.280 --> 07:53.730
In some cases, I've been able to use this to take control of a camera on the bridges in the previous,

07:53.730 --> 07:56.940
uh, like 20 tens or fifteens.

07:57.210 --> 08:00.340
But you can do this with several propeller cameras.

08:00.360 --> 08:03.870
You just need to look up the specific name of the camera, for example.

08:03.870 --> 08:05.430
Like, um.

08:05.430 --> 08:06.000
Like.

08:07.070 --> 08:07.670
Here.

08:10.440 --> 08:11.310
Like this.

08:13.170 --> 08:16.530
So let's try another examples.

08:16.920 --> 08:17.820
Example.

08:18.270 --> 08:18.990
Quest.

08:18.990 --> 08:19.770
Quest.

08:19.770 --> 08:21.270
Image.html.

08:23.180 --> 08:25.140
You know, this is an another.

08:26.040 --> 08:28.880
Or actually it's not all 2020.

08:28.950 --> 08:30.660
This is an exploit database.

08:31.510 --> 08:32.980
You can see this as well.

08:32.980 --> 08:34.210
Google dork here.

08:34.930 --> 08:36.220
Let's see.

08:37.840 --> 08:39.100
What we got here.

08:42.950 --> 08:44.810
This is some strange URL.

08:45.640 --> 08:46.650
Let's look at this.

08:46.660 --> 08:47.290
Okay.

08:55.820 --> 08:58.410
You can also use inurl.

08:59.410 --> 09:00.880
Route a c.

09:00.880 --> 09:02.620
P a c.

09:02.620 --> 09:03.250
S.

09:03.460 --> 09:04.510
Anon here.

09:04.510 --> 09:04.750
A.

09:04.750 --> 09:05.170
Non.

09:05.170 --> 09:05.430
A.

09:05.440 --> 09:05.740
C.

09:05.740 --> 09:06.280
S.

09:19.610 --> 09:20.060
Yeah.

09:21.390 --> 09:30.810
So the results will take us directly to the main page of Outlook, access, public folders and an Exchange

09:30.810 --> 09:32.040
address book.

09:32.210 --> 09:32.850
Here.

09:42.970 --> 09:46.300
Some of some of these websites are actually slow.

09:48.660 --> 09:50.040
Here, as you can see here.
